Posted
by
BeauHDon Friday December 09, 2016 @08:25PM
from the buyer-beware dept.

An anonymous reader writes from a report via BleepingComputer: The security protocol that governs how virtual machines share data on a host system powered by AMD Zen processors has been found to be insecure, at least in theory, according to two German researchers. The technology, called Secure Encrypted Virtualization (SEV), is designed to encrypt parts of the memory shared by different virtual machines on cloud servers. AMD, who plans to ship SEV with its upcoming line of Zen processors, has published the technical documentation for the SEV technology this past April. The German researchers have analyzed the design of SEV, using this public documentation, and said they managed to identify three attack channels, which work, at least in theory.

[In a technical paper released over the past weekend, the researchers described their attacks:] "We show how a malicious hypervisor can force the guest to perform arbitrary read and write operations on protected memory. We describe how to completely disable any SEV memory protection configured by the tenant. We implement a replay attack that uses captured login data to gain access to the target system by solely exploiting resource management features of a hypervisor." AMD is scheduled to ship SEV with the Zen processor line in the first quarter of 2017.

Posted
by
msmash
on Thursday December 08, 2016 @12:26PM
from the printer-woes dept.

When Google launched Cloud Print, it removed a lot of the hassle from using a printer. Instead of a printer only printing documents from the PC it was connected to, Cloud Print allowed any device, be it a Windows PC, Mac, Chromebook, smartphone, tablet, etc. to print to any printer either locally or remotely. However, Google Cloud Print has gone awry this week, as reports PCMag, and Epson printer owners are suffering because of it. From the article: A thread appeared on the Chromebook Central Help Forum explaining a problem where an Epson XP-410$185.00 at Amazon printer was turning itself off after 30 seconds. The printer worked without issue for two years, but now it wouldn't stay powered on. At first, this seems like a printer hardware problem, but the printer started working again once it was disconnected from the Internet. However, as soon as Google Print Cloud was enabled, the automatic power down happened again. Later in the support thread an Epson WF-4630 owner reports the same issue, as do XP-215, XP-415, XP-610, WF-545, WF-845, and WF-7610 owners.A change in Google's API for its cloud service triggered the issue, reports ArsTechnica. The change has caused a conflict between Cloud Print and printers' firmware.

Posted
by
EditorDavid
on Sunday December 04, 2016 @05:39PM
from the lawyers-for-Linux dept.

An anonymous reader quotes OStatic's update on Canonical's lawsuit against a cloud provider:
Canonical posted Thursday that they've been in a dispute with "a European cloud provider" over the use of their own homespun version of Ubuntu on their cloud servers. Their implementation disables even the most basic of security features and Canonical is worried something bad could happen and it'd reflect badly back on them... They said they've spent months trying to get the unnamed provider to use the standard Ubuntu as delivered to other commercial operations to no avail. Canonical feels they have no choice but to "take legal steps to remove these images." They're sure Red Hat and Microsoft wouldn't be treated like this.
Mark Shuttleworth, the founder of Ubuntu, wrote in his blog post that Ubuntu is "the leading cloud OS, running most workloads in public clouds today," whereas these homegrown images "are likely to behave unpredictably on update in weirdly creative and mysterious ways... We hear about these issues all the time, because users assume there is a problem with Ubuntu on that cloud; users expect that 'all things that claim to be Ubuntu are genuine', and they have a right to expect that...

"To count some of the ways we have seen home-grown images create operational and security nightmares for users: clouds have baked private keys into their public images, so that any user could SSH into any machine; clouds have made changes that then blocked security updates for over a week... When things like this happen, users are left feeling let down. As the company behind Ubuntu, it falls to Canonical to take action."

Posted
by
msmash
on Friday December 02, 2016 @11:00AM
from the taking-a-stand dept.

Canonical isn't pleased with cloud providers who are publishing broken, insecure images of Ubuntu despite being notified several times. In a blogpost, Mark Shuttleworth, the founder of Ubuntu, and the Executive Chairman and VP, Product Strategy at Canonical, made the situation public for all to see. An excerpt from the blog post: We are currently in dispute with a European cloud provider which has breached its contract and is publishing insecure, broken images of Ubuntu despite many months of coaxing to do it properly. The home-grown images on the cloud, VPS and bare metal services of this provider disable fundamental security mechanisms and modify the system in ways that are unsupportable. They are likely to behave unpredictably on update in weirdly creative and mysterious ways (the internet is full of fun examples). We hear about these issues all the time, because users assume there is a problem with Ubuntu on that cloud; users expect that 'all things that claim to be Ubuntu are genuine', and they have a right to expect that. We have spent many months of back and forth in which we unsuccessfully tried to establish the same operational framework on this cloud that already exists on tens of clouds around the world. We have on multiple occasions been promised it will be rectified to no avail. We are now ready to take legal steps to remove these images. We will seek to avoid affecting existing running users, but we must act to prevent future users from being misled. We do not make this move lightly, but have come to the view that the value of Ubuntu to its users rests on these commitments to security, quality and updates.

Posted
by
BeauHDon Wednesday November 30, 2016 @04:40PM
from the devil-is-in-the-details dept.

An anonymous reader quotes a report from The Verge: Seagate and Amazon have partnered up on a $99 1TB external hard drive that automatically backs up everything stored on it to the cloud. The Seagate Duet drive's contents are cloned to Amazon Drive, so you can be pretty confident that your important stuff will be safe. Getting set up with the cloud backup process requires plugging in the drive, signing in with your Amazon account -- and that's pretty much it, from the sounds of it. Drag and drop files over, and you'll be able to access them from the web or Amazon's Drive app on smartphones and tablets. If you're new to the Drive service, Seagate claims you'll get a year of unlimited storage just for buying the hard drive, which normally costs $59.99 annually. Amazon's listing for the Duet (the only way to buy it right now) confirms as much, but there's some fine print: Offer is U.S.-only; Not valid for current Amazon Drive Unlimited Storage paid subscription customers; You've got to redeem the promo code within two months of buying the hard drive if you want the year's worth of unlimited cloud storage; If you return the Duet, Amazon says it will likely reduce your 12 months of unlimited Drive storage down to three, which beats taking it away altogether, I guess.

Posted
by
msmash
on Monday November 28, 2016 @01:00PM
from the feed-and-speed dept.

An anonymous reader shares a report on The Register: Microsoft has patched flaws that attackers could exploit to compromise all Azure Red Hat Enterprise Linux (RHEL) instances. Software engineer Ian Duffy found the flaws while building a secure RHEL image for Microsoft Azure. During that process he noticed an installation script Azure uses in its preconfigured RPM Package Manager contains build host information that allows attackers to find all four Red Hat Update Appliances which expose REST APIs over HTTPS. From there Duffy found a package labeled PrepareRHUI (Red Hat Update Infrastructure) that runs on all Azure RHEL boxes, and contains the rhui-monitor.cloud build host. Duffy accessed that host and found it had broken username and password authentication. This allowed him to access a backend log collector application which returned logs and configuration files along with a SSL certificate that granted full administrative access to the four Red Hat Update Appliances. Duffy says all Azure RHEL images are configured without GPG validation checks meaning all would accept malicious package updates on their next run of yum updates.

Posted
by
BeauHDon Thursday November 24, 2016 @05:00AM
from the drastic-times-call-for-drastic-measures dept.

A recent survey of over 2,000 adults conducted by Harris Poll on behalf of Dashlane, a "leader in online identity and password management," found that nearly 40 percent of Americans would give up sex for an entire year if it meant they'd never have to worry about being hacked. Huffington Post reports: 40 percent of people also said they'd give up their favorite food for one month in the name of peace of mind online. If all of this sounds drastic, the truth is that it probably is. The single biggest thing people can do to help keep their online identity safe is probably the easiest -- a solid password. 10 years ago, anti-virus was the primary method of online security. But since the Internet has left the desktop and is on laptops, tablets, and cell phones, and since so many people now use the cloud for backing up their sensitive data, following proper password protocol is critical. Of course, having a solid password doesn't do a lot of good if you're giving it out to people. And nearly 50% of people have shared a password to an e-mail account or to an account like Netflix with a friend or had a friend share theirs (which is a surprisingly high number when you consider that 4 out of 10 people said that sharing an online social media password was more intimate than sex). A look at the password habits of Americans showed that about 30% have used a pet's name, almost 25% have used a family member's name, 21% a birthday, and 10% each have used an anniversary, a sports team, an address, or a phone number. So if you just know a few basic, personal details about someone, you've got a decent chance at cracking their password. The study also revealed some interesting data in that younger Americans (those age 18 to 34) who grew up online are far more trusting with passwords than older generations, and married people are less likely to part with passwords than single people.

Posted
by
BeauHDon Wednesday November 23, 2016 @07:05PM
from the classic-games dept.

BrianFagioli quotes a report from BetaNews: Back in the the mid-1990's, everyone thought they needed a computer. After all, Windows 95 made using one particularly easy, and the internet was a very attractive thing. Unfortunately, once some people got their first-ever PC set up in their homes, they didn't really know what to do with it. In the end, it would turn out that some consumers spent thousands of dollars for a machine dedicated to one thing -- playing Solitaire! Yes, this fun Windows game is responsible for much wasted time, but not just at home -- at businesses too. The card game has historically been viewed as a negative for productivity. Fast forward to 2016 and fewer people are sitting in front of large desktop computers at home -- people are increasingly turning to tablets and smartphones for entertainment. Today, just in time for Thanksgiving, Microsoft Solitaire Collection comes to both Android and iOS. "Microsoft Solitaire continues to be one of the most-played games of all time on Windows for more than 25 years. What's more, the version of Solitaire you know and love on Windows 10 and Windows 8 PC and mobile devices, Microsoft Solitaire Collection, has reached more than 119 million unique players in the last four years alone! And now, those on iPhone, iPad and Android devices can play the popular card game for free," says Paul Jensen, Studio Manager of Microsoft Casual Games. "[...] with Xbox Live integration, you can sign in with your Xbox Live gamertag or Microsoft account to earn Xbox Live achievements and Gamerscore, compete with friends, and continue playing on any Windows 10, iPhone, iPad, or Android device while on the go since your progress and game data are saved in the cloud. If you're not an Xbox Live member, signing up for a free membership through the game is easy and totally worth it." It's worth noting that the "freemium" model features advertisements, but players can go "Premium" to remove those ads for $2 per month and receive other perks. You can download Microsoft Solitaire Collection from the App Store, Google Play, and Windows Store.

Posted
by
msmash
on Monday November 21, 2016 @09:40AM
from the big-shark,-small-shark dept.

Oracle announced today it is buying DNS provider Dyn, a company that was in the press lately after it was hit by a large-scale DDoS attack in October that resulted in many popular websites becoming inaccessible. From a TechCrunch report:Oracle plans to add Dyn's DNS solution to its bigger cloud computing platform, which already sells/provides a variety of Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) products. Oracle and Dyn didn't disclose the price of the deal but we are trying to find out. Dan Primack reports that it's around $600 million. We've also asked for a comment from Oracle about Dyn's recent breach, and whether the wheels were set in motion for this deal before or after the Mirai botnet attack in October.

Posted
by
EditorDavid
on Sunday November 20, 2016 @09:34AM
from the intensive-interviews dept.

An anonymous reader summarizes the highlights of Fortune's new interview with Red Hat CEO James Whitehurst:
A recruiter told Whitehurst the culture at Red Hat was "a little bit like that Blues Brothers movie, when Dan Aykroyd says, 'We're on a mission from God.'" But Whitehurst says geeky passion "makes it a great place to be a part of," and even argues that the success of Microsoft in the 1990s can be attributed to its Microsoft Developer Network, which led developers into Microsoft's platform and infrastructure. "Developers now are heavily using open-source tools and technology and, bluntly, I think that's why Microsoft had to open source .NET and why they're embracing more open source in general. Because open source is where innovation is coming from and is what developers are consuming, it forces vendors to participate."

Looking towards the future, Whitehurst says "A rough line would be almost to say most infrastructure is going to be open source and most business functionality above it is going to be proprietary." And he also warns open source companies, "if you don't have the unique business model that allows you to add value on top of the free functionality, in the end you're going to fail... a lot of open source companies have come and gone because they've been more focused on the functionality versus how they add value around the functionality."

Posted
by
msmash
on Friday November 18, 2016 @12:40PM
from the important-discussions dept.

A new report by Danwood, which surveyed 1,000 office workers, almost half said that they print something every day and 84 percent said printing things on paper at work was an "important aspect of work." In the past, we have seen a trend growing at many workplaces where things are moving increasingly digital, implying strongly that our reliance on paper must be reducing as a result. From a report: Danwood even cites a recent IDC research which says 49 percent of business expect their print volumes to increase over the next two years. Eight in ten (80 percent) of respondents say they need paper documents to get their job done. "Despite a move to digitization, organizations remain reliant on print", says Danwood CEO Wes Mulligan. "Businesses are mindful of unnecessary waste when it comes to physical documents, but print and digital will continue to coexist in today's organizations. The easiest way to strike a balance is to look at ways that you can better integrate paper and digital processes to have a real impact on efficiency, productivity and cost reduction."What do you guys think? Will we ever hit a stage where paper will have a minimal footprint, if at all, at workplaces?

Update: Reader argStyopa shares his views on why paper is here to stay, and for good: (1) Paper is portable and readable in all circumstances. I don't need to fire up a reader, connect to Wi-Fi, turn on a laptop, whatever: here's your piece of paper, read it. (2) Paper is durable and fixed-format: if I put a paper in a file and come back 10 or even 100 years later, barring catastrophe, it'll still be there. The vagaries of non-cloud storage, and (for the cloud) the evolution of e-storage and e-doc formats means that even if I HAVE the file, I might not be able to read/open it. I have enough trouble opening now 25-year-old docs from my college days plunking on a MacSE.(3) It's harder to edit paper: simply put, e-docs are easier to fake, generally.

Posted
by
msmash
on Wednesday November 16, 2016 @03:05PM
from the what-a-day dept.

On the sidelines of major announcements such as Microsoft joining the Linux Foundation, and Google joining the .NET Foundation, at its Connect(); 2016 developer conference, Microsoft also announced that it bringing Visual Studio for rival platform Mac. The company also announced a preview of the next version of SQL Server, and a preview of Azure App Service support for containers. From a Venture Beat report:"We want to help developers achieve more and capitalize on the industry's shift toward cloud-first and mobile-first experiences using the tools and platforms of their choice," Microsoft Cloud and enterprise executive vice president Scott Guthrie said in a statement. "By collaborating with the community to provide open, flexible, and intelligent tools and cloud services, we're helping every developer deliver unprecedented levels of innovation." The fact that Microsoft is bringing its IDE to macOS would have arguably been the biggest news of the day, had the company not leaked the information itself earlier this week. Still, a preview of Visual Studio for Mac is now available, letting developers write cloud, mobile, and macOS apps on Apple's desktop operating system using .NET and C#. It's a big deal, given that Microsoft once made a point of locking in developers by only offering its tools on Windows. This has changed over time, with a big highlight in April 2015 when Microsoft launched Visual Studio Code, its cross-platform code editor, for Windows, Mac, and Linux.More info on Microsoft releasing SQL Server Preview for Ubuntu and Red Hat Enterprise Linux.

Posted
by
msmash
on Wednesday November 16, 2016 @01:40PM
from the finally dept.

Google Cloud will add GPUs as a service early next year, the company has said. Amazon Web Services, Microsoft Azure and IBM's Bluemix all already offer GPU as a service. From a report on GeekWire: Google may be seeking to distinguish itself, however, with the variety of GPUs it's offering. They include the AMD FirePro S9300 x2 and two offerings from NVIDIA Tesla: the P100 and the K80. And Google will charge by the minute, not by the hour, making GPU usage more affordable for customers needing it only for short periods. CPU-based machines in the cloud are good for general-purpose computing, but certain tasks such as rendering or large-scale simulations are much faster on specialized processors, Google explained. GPUs contain hundreds of times as many computational cores as CPUs and excel at performing risk analysis, studying molecular binding or optimizing the shape of a turbine blade. Google's GPU services will be available in early 2017 through Google Compute Engine and Google Cloud Machine Learning.

Posted
by
msmash
on Wednesday November 16, 2016 @11:45AM
from the boom dept.

Emil Protalinski, writing for VentureBeat:As part of its slew of announcements at its Connect(); 2016 developer event in New York City today, Microsoft unveiled that Google is joining the .NET Foundation. Specifically, Google is becoming a member of the Technical Steering Group, which Microsoft says "reinforces the vibrancy of the .NET developer community" and also underlines "Google's commitment to fostering an open platform that supports businesses and developers who have standardized on .NET." [...] So what does Google joining actually mean? In short, Google will help steer the future of .NET in a way that is "similar to an open standard," Xamarin cofounder and Microsoft's current vice president of mobile developer tools, Nat Friedman, told VentureBeat. Google's decision is being driven by its enterprise business (Google Cloud) and the desire to keep up with businesses adopting public and hybrid clouds. The company sees the move as part of its commitment to open-source technology, which benefits all enterprises, and cross-platform development that gives developers and IT professionals access to the best tools.

Posted
by
msmash
on Monday November 14, 2016 @09:40AM
from the new-Microsoft dept.

Microsoft will finally bring Visual Studio, a "true mobile-first, cloud-first development tool for .NET and C#," to Mac later this month, the company has said. From a report on TechCrunch:The IDE is very similar to the one found on Windows. In fact, that is presumably the point. By making it easy for OS X users to switch back and forth between platforms, Microsoft is able to ensure coders can quickly become desktop agnostic or, barring that, give Windows a try again. From the release: "At its heart, Visual Studio for Mac is a macOS counterpart of the Windows version of Visual Studio. If you enjoy the Visual Studio development experience, but need or want to use macOS, you should feel right at home. Its UX is inspired by Visual Studio, yet designed to look and feel like a native citizen of macOS. And like Visual Studio for Windows, it's complemented by Visual Studio Code for times when you don't need a full IDE, but want a lightweight yet rich standalone source editor.

Posted
by
EditorDavid
on Monday November 14, 2016 @07:30AM
from the setting-the-bar-low dept.

A new white paper from Microsoft claims that "devices running Windows 10 are 58% less likely to encounter ransomware than when running Windows 7". But an anonymous reader brings more news from Windows-watcher Paul Thurrott:
in a separate blog post, it also makes its case for why Windows 10 version 1607 -- that is, Windows 10 with the Anniversary Update installed -- is the most secure Windows version yet. Improvements in this release include: Microsoft Edge runs Adobe Flash Player in an isolated container, and Edge exploits cannot execute other applications... [And] the Windows Defender signature delivery channel works faster than before so that the in-box anti-virus and anti-malware solution can help block ransomware, both in the cloud and on the client. Additionally, Windows Defender responds to new threats faster using improved cloud protection and automatic sample submission features, plus improved behavioral heuristics aimed at detecting ransomware-related activities.
Interestingly, the paper also touts Microsoft's "Advancing machine-learning systems in our email services to help stop the spread of ransomware via email delivery."

[According to the researchers] threat actors are taking advantage of the cloud because of how difficult it can be to scan the large amount of storage they provide... service providers which are bound by privacy commitments and ethical concerns tend to avoid inspecting their customer's repositories without proper consent and even when they are willing to inspect them it is difficult to spot malicious content.

Posted
by
msmash
on Thursday November 10, 2016 @12:25PM
from the impressive-feats dept.

An anonymous reader writes: Facebook's Connectivity Lab has announced that it has achieved data transmission rates of 20Gbps over the millimetre-wave (MMW) section of the radio spectrum; however, the transceiving stations need to be incredibly tightly calibrated to each other, with the team describing the margin for error as equivalent to 'a baseball pitcher aiming for a strike zone the size of a quarter'.

Posted
by
msmash
on Wednesday November 09, 2016 @03:00PM
from the ai-revolution dept.

IBM has launched a new system-agnostic platform called Project Intu with which it aims to bring "embodied cognition" to a range of devices. From a report on SiliconAngle: In IBM's parlance, "cognitive computing" refers to machine learning. The idea behind Project Intu is that developers will be able to use the platform to embed the various machine learning functions offered by IBM's Watson service into various applications and devices, and make them work across a wide spectrum of form factors. So, for example, developers will be able to use Project Intu's capabilities to embed machine learning capabilities into pretty much any kind of device, from avatars to drones to robots and just about any other kind of Internet of Things' device. As a result, these devices will be able to "interact more naturally" with users via a range of emotions and behaviors, leading to more meaningful and immersive experiences for users, IBM said. What's more, because Project Intu is system-agnostic, developers can use it to build cognitive experiences on a wide range of operating systems, be it Raspberry PI, MacOS, Windows or Linux. Project Intu is still an experimental platform, and it can be accessed via the Watson Developer Cloud, the Intu Gateway and also on GitHub.

Posted
by
msmash
on Tuesday November 08, 2016 @09:00AM
from the getting-real-news dept.

An anonymous reader writes:Concerned over the spread of fake news on the social networking giant, US President Barack Obama has criticized Facebook, saying fake stories on social networks are spreading lies this election. Speaking at a rally for Hillary Clinton at University of Michigan, Obama said: "The way campaigns have unfolded, we just start accepting crazy stuff as normal and people if they just repeat attacks enough and outright lies over and over again. As long as it's on Facebook, and people can see it, as long as it's on social media, people start believing it, and it creates this dust cloud of nonsense," he told the gathering. A recent BuzzFeed investigation found that 38 percent of posts shared from three large right-wing politics pages on Facebook included "false or misleading information."